Fix RDSRV Malware (VSearch/Downlite)

Apr 14, 2015

The past week has been an absolute disaster for me as far as Web Security is concerned. My MacBook Pro picked up adware from some shitty website that would not show up in most adware removal tools. It was after a lot of research, and thanks to Thomas from The Safe Mac, that I managed to fix the problem. In this article, I will guide you through the process and how I realised that the problem was not on my Mac, but in my modem. Learn how to remove rdsrv malware from your network and computer.

Types of Adware Threats

Before we start working on our issue, we need to understand the various types of problems adware can create for us:

Software Threats (on your computer)

Hardware Threats (on your Modem/Router)

Software Threats

These can generally be solved by running an adware removal tool such as AdwareMedic for Mac or Bitdefender for Windows. It's a really quick process and both these tools are more than capable of removing any kind of adware from your computer.

Once the tool has done its job, you need to reset your browser. For Chrome users, go to Settings > Advanced Settings and at the bottom of the page, there will be an option called Reset Settings. Note: This will clear your browsing history, cache and cookies. Here are some screenshots for resetting Chrome:

After this process is complete, you need to restart your machine and delete anything in the Trash. This should deal with Adware Threats on your computer. If you’re still getting the popups, it means your hardware/network has been hacked. Don’t worry, keep reading.

Hardware Threats

These are pretty tricky to deal with, and if you are not a technical person, I would recommend you get help from someone who is. In such cases, the adware has taken over a hardware device such as a modem or a router and is rewriting links before they even get to your browser. Essentially, there are two parts to fixing this threat:

Factory Reset your device to its original settings

Upgrade your device Firmware

Before you start factory resetting any device, it's a good idea to make a backup. The following screenshot shows the Reset Screen for a DLink DSL 2520U Modem:

You also need to download the latest firmware for your router from the manufacturer's page. Make sure that you download the correct firmware and that it is compatible with your version of the modem/router.

After your modem/router is set to factory defaults and is upgraded with the latest firmware, you need to configure it with your ISP and create a new Wireless Network with a strong password.

Important Note: If you are still having problems after following both types of adware removal techniques, a rogue DNS server may have been added to your list of DNS servers. On your computer, go to your Network Settings, switch from DHCP to manual IP configuration and enter the correct DNS addresses yourself.
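One way to carry out the DNS check from the note above, as an added example that is not part of the original article: it reads resolver settings in either `scutil --dns` (macOS) or `/etc/resolv.conf` layout and sorts each DNS server into trusted, local or unexpected. The `TRUSTED` list, the function names and the sample input are assumptions made for illustration; replace the list with the resolvers you actually chose.

```python
import ipaddress
import re

# Assumption: resolvers you picked on purpose (well-known public resolvers here).
TRUSTED = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}
# Private, loopback and link-local ranges: a resolver here is the router or a local stub.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
# Matches "nameserver 1.2.3.4" (resolv.conf) and "nameserver[0] : 1.2.3.4" (scutil --dns).
NS_LINE = re.compile(r"^\s*nameserver(?:\[\d+\])?(?:\s*:\s+|\s+)(\S+)", re.MULTILINE)

def extract_nameservers(text):
    """Return the unique resolver addresses in the order they appear."""
    seen = []
    for raw in NS_LINE.findall(text):
        try:
            ip = ipaddress.ip_address(raw.split("%")[0])  # drop any IPv6 zone id
        except ValueError:
            continue  # token after "nameserver" is not an IP address
        if ip not in seen:
            seen.append(ip)
    return seen

def audit(text, trusted=TRUSTED):
    """Map each configured resolver to 'trusted', 'local' or 'unexpected'."""
    report = {}
    for ip in extract_nameservers(text):
        if str(ip) in trusted:
            verdict = "trusted"
        elif any(ip in net for net in LOCAL_NETS):
            verdict = "local"       # the router answers: check the DNS set inside it
        else:
            verdict = "unexpected"  # public resolver nobody chose: investigate
        report[str(ip)] = verdict
    return report

# Constructed sample in `scutil --dns` layout; 203.0.113.53 is a documentation address.
SAMPLE = """\
resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  nameserver[2] : 8.8.8.8
resolver #2
  nameserver[0] : 203.0.113.53
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "local" verdict only says the router is doing the lookups; which upstream servers it forwards to has to be checked in the router's own settings, which is why the note above recommends entering DNS addresses manually.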

That’s it! After this process is complete, you will have eliminated almost all kinds of adware threats from your network and computer.

Safety Measures

The internet is a scary place. You need to be really cautious online and use your brain to make decisions on what links you should open or not. That being said, there are a few things that you can do so that such issues don’t pop-up (see what I did there?) more often: